Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kriu
New Contributor II

Created on ‎12-29-2024 05:39 AM Edited on ‎12-29-2024 07:05 AM

Remote connection policy for FG-60E

Please help me configure a policy for one connection. FG-60E (firmware v.7.2.10) works in transparent mode between optical modem (also in transparent mode) and main router for LAN. External IP address is on router, not on modem. When Inspection Mode works in Proxy-based (Firewall Policy), one of the devices in LAN cannot communicate with its server where it sends measurement data (blitzortung.org). Policy in Flow-base mode does not block the connection. It blocks only in Proxy-base. Is it possible to set Flow-based policy for selected remote server? Or add some exclusion in current policy? I know the addresses of servers to which data is sent.

Labels:
484
0 Kudos
2 Solutions
ebilcari
Staff
Staff
In response to kriu

Created on ‎12-31-2024 01:58 AM

It should be simple from the GUI, in Firewall Policy, copy the existing policy and paste 'Above'. Set a new policy name, select the Source and create an Address for the interested device and do the same in Destination for the server. Change the inspection to 'Flow-based' and enable the policy (toggle at the bottom).

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

347
0 Kudos
kriu
New Contributor II

Created on ‎01-01-2025 04:50 AM

It worked.
I created a new policy, I had to enter the server addresses only in Destination.

View solution in original post

328
4 REPLIES 4
ebilcari
Staff
Staff

Created on ‎12-30-2024 02:49 AM

You can create a dedicated policy specific for only this host to server traffic and position it above the existing policy.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
398
kriu
New Contributor II

Created on ‎12-30-2024 09:39 AM

Yes, but how to do it? - I have no experience with FG

374
0 Kudos
ebilcari
Staff
Staff
In response to kriu

Created on ‎12-31-2024 01:58 AM

It should be simple from the GUI, in Firewall Policy, copy the existing policy and paste 'Above'. Set a new policy name, select the Source and create an Address for the interested device and do the same in Destination for the server. Change the inspection to 'Flow-based' and enable the policy (toggle at the bottom).

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
348
0 Kudos
kriu
New Contributor II

Created on ‎01-01-2025 04:50 AM

It worked.
I created a new policy, I had to enter the server addresses only in Destination.

329
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.